Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above.
You may have to register before you can post: click the register link above to proceed.
To start viewing messages, select the forum that you want to visit from the selection below.

Do you run a CMS on your website? If so, which and what version? Does your site include a form that does something? If so, what? How will you upload new files to GoDaddy? Via some sort of web app that includes two-factor authentication, or just plain old FTP? Do you understand enough about file system permissions to not create a directory/file exposed to the entire world?

The security scanners generally don't try to guess your password, because brute force methods such as this are often too disruptive.

Here are some other things an automated scanner might scan for:

1) forms that could be manipulated (SQL injections, XSS, CSRF, etc.) most/all frameworks deal with this automatically, but there might still be some old ass stuff out there that could be found and used to one's advantage. You said you have no forms or middleware language (e.g. Node.js, Ruby, Python, etc.) so this doesn't apply, because straight up HTML and client-side javascript does not provide form processing, and without these languages you don't have a database either

2) outdated versions of software such as WordPress, OpenSSL, etc. that would have known exploits and a recipe for exploitation. You don't run any of this.

3) writable directories where bots can attack other hosts and decentralize. You have no need to change permissions manually because this is unneeded by HTML/Javascript, and your host will have setup sensible default permissions.

4) a scanner would look for rogue services running on TCP/UDP ports, but the chances of this are really low since you haven't provided any sort of attack vector.

I would suggesting googling SFTP, and seeing if GoDaddy provides this service. It will encrypt your password being sent to the server for FTP authentication. Without this if somebody were to perform some sort of man-in-the-middle attack, wifi/network sniffing, etc. they could obtain your clear-text password.

I wouldn't say that the chances of this are high since you probably don't connect to the FTP server very often and so much would have to line up in a sort of perfect storm scenario to pull this off, but if you wanted to do one thing to improve your security this couldn't hurt. There is never a time when an unencrypted option is better than an encrypted option, security-wise.